iTunes < 6.0.5 AAC File Integer Overflow (Mac OS X)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by a remote
code execution flaw.

Description :

The remote host is running iTunes, a popular jukebox program.

The remote version of this software is vulnerable to an integer
overflow when it parses specially crafted AAC files which may lead to
the execution of arbitrary code.

An attacker may exploit this flaw by sending a malformed AAC file to a
user on the remote host and wait for him to play it with iTunes.

See also :

http://www.securityfocus.com/advisories/10781

Solution :

Upgrade to iTunes 6.0.5 or newer

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 21781 (macosx_iTunes_Overflow3.nasl)

Bugtraq ID: 18730

CVE ID: CVE-2006-1467